Personal Data Protection

Identity and contact details of the Controller

alapalla, s.r.o.
Mladoboleslavská 1/4880
902 01 Pezinok
Company ID: 51 183 650
Tax ID: 2120616795
VAT ID: SK2120616795
company registered in the Commercial Register of the District Court Bratislava I, Section: Sro, File No.: 123487/B

e-mail: info@myalapalla.com
tel.: 0905 044 777/ 0800 500 933
web: www.myalapalla.com

Purpose of personal data processing and legal basis

1. Order of goods – concluding a purchase contract and related actions – order processing, payment, delivery of goods, claiming liability for defects of the goods, etc.

The legal basis for processing for the above purpose is the performance of a contract – Art. 6 par. 1 letter b) of the Regulation.

2. Customer account – facilitating the ordering of goods and overview of previous purchases

The legal basis for processing for the above purpose is the consent of the data subject – Art. 6 par. 1 letter a) of the Regulation.

3. Marketing purposes – providing comprehensive information about the products and services of the Controller in the form of sending news (newsletter) via electronic means (e-mail)

The legal basis for processing for the above purpose is the consent of the data subject – Art. 6 par. 1 letter a) of the Regulation.

4. Cookies – ensuring the operation of the website and identifying the behaviour of customers and visitors; customizing marketing offers

The legal basis for processing for the above purpose is the consent of the data subject – Art. 6 par. 1 letter a) of the Regulation.

5. Contact form – answering questions and solving problems

The legal basis for processing for the above purpose is the legitimate interest of the controller – Art. 6 par. 1 letter f) of the Regulation (the legitimate interest of the controller and at the same time the (legitimate) interest of the contacting person in the processing of the personal data concerned arises from the purpose of answering their questions or solving problems, and thus maintaining and promoting satisfaction of the customer or user of the controller’s website)

The recipients or categories of recipients of the personal data

ZoneMedia, s.r.o. with its registered seat at Párovská 16, 949 01 Nitra, Company ID: 44 278 837, registered in the Commercial Register of the District Court Nitra, Section: Sro, File No.: 22743/N – technical support

Studio Goat s. r. o. with its registered seat at Iľjušinova 8, 851 01 Bratislava, Company ID: 36 489 000, registered in the Commercial Register of the District Court Bratislava I, Section: Sro, File No. 45616/B – design and technical support

MailChimp c/o The Rocket Science Group, LLC, with its registered seat at 675 Ponce De Leon AVE NE, Suite 5000, Atlanta, GA 30308 USA, MOSS No. EU 826 477 914 (hereinafter also referred to as the “”MailChimp””) – sending newsletters

GLS General Logistics Systems Slovakia, with its registered seat at Budča 1039, 962 33 Budča, Company ID: 36 624 942, registered in the Commercial Register of the District Court Banská Bystrica, Section: Sro, File No.: 9084/S – courier service

INSPEKTA SLOVAKIA, a. s., with its registered seat at Zelinárska 2, 820 05 Bratislava, Company ID: 31 340 911, registered in the Commercial Register of the District Court Bratislava I, Section: Sa, File No.: 502/B – contract partner of the courier company FedEx

Websupport, s.r.o., with its registered seat at Staré Grunty 12, 841 04 Bratislava, Company ID: 36 421 928, registered in the Commercial Register of the District Court Bratislava I, Section: Sro, File No.: 63270/B – hosting

providers of applications used in connection with cookies (see below)

ECONOMY OFFICE MK, s. r. o. with its registered seat at Mýtna 39, 902 01 Pezinok, Company ID: 48 250 546, registered in the Commercial Register of the District Court Bratislava I, Section: Sro, File No.: 105316/B – accounting and economic service

Transfer of data to a third country

MailChimp will transfer the personal data to third countries, namely to the United States of America. MailChimp has its own certification for EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield in order to comply with the security rules regarding the personal data protection and legally transfers the personal data from the EU/EEA to the United States in accordance with the certification for Privacy Shield. Every year, MailChimp also undergoes the SOC II Type 2 certification in the field of Basic Trust Services Criteria, Processing Integrity, Confidentiality and Availability. A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation (Article 45 par. 1 of the Regulation). From the information available on the website of the Office for Personal Data Protection of the Slovak Republic (https://dataprotection.gov.sk/uoou/sk/content/prenos-do-krajin-zarucujucich-primeranu-urovenochrany), companies certified in the Privacy Shield with their registered seats in the United States of America are among the entities that the European Commission has included, in its relevant decision, in the list of entities established in third countries that ensure an adequate level of personal data protection under the Regulation. You can find the Commission decisions on the adequate protection of personal data at TU.

Retention period of personal data

The retention period of personal data is (i) for the period necessary to process and record your order (usually 4 years), (ii) for the period of creating a customer account (if you create it), (iii) for the period of registration for the newsletter (until unsubscribing) or the processing of your inquiry/suggestion and (iv) in the case of other processing on the basis of consent, until its withdrawal.

Rights of the data subjects

The data subject (the person whose personal data are being processed) has the right:

  • of access to data pursuant to Art. 15 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (herein also referred to as the “”Regulation””), in particular (i) the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and (ii) the information on the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data are not collected from the data subject, any available information as to their source, the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject, (iii) the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation relating to the transfer, where personal data are transferred to a third country or to an international organisation, (iv) the right to a free copy of the personal data undergoing processing (for any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs; where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form) – the right to obtain such copy shall not adversely affect the rights and freedoms of others.
  • to rectification of the personal data under Art. 16 of the Regulation without undue delay and the right to have incomplete personal data completed under the quoted article of the Regulation, including by means of providing a supplementary statement.
  • to erasure of personal data (right to be forgotten) under Art. 17 of the Regulation, without undue delay and provided that (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the Regulation, and where there is no other legal ground for the processing, (iii) the data subject objects to the processing pursuant to Article 21(1) of the Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the Regulation, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject, (vi) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the Regulation; this shall not apply if the processing of personal data is necessary for the reasons set out in Article 17(3) of the Regulation.
  • to restriction of personal data processing under Article 18 of the Regulation if (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data, (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, (iv) the data subject has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • to personal data portability under Article 20 of the Regulation – the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where (i) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the Regulation or on a contract pursuant to point (b) of Article 6(1) of the Regulation, and (ii) the processing is carried out by automated means.
  • to object to the processing of personal data under Article 21 of the Regulation – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the Regulation, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • to withdraw its consent at any time, where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) of the Regulation; the withdrawal of the consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • to lodge a complaint with a supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, https://dataprotection.gov.sk/uoou/sk

Cookies

Cookies allow us to remember your actions and preferences (such as login, language, order details in the shopping cart) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

At the same time, cookies help us understand what you are interested in on our website, whether it is well-arranged for you and whether you can find what you are looking for on it.

Cookies can also collect additional information, such as the number of visitors to our website and which sites of our website you visit most often. They are also used to show you advertising and site content that is relevant to you based on your interests and needs.

On our websites we use:

Functional and technical cookies – They are needed for the proper performance and display of our website; therefore (and also due to their technical nature) your consent is not required for their storing and processing.

Analytics cookies – These cookies are used to obtain data on traffic to our website, data on searches performed on our website and also to find out how you navigate our website (so that we can make it user-friendly). We use the following third-party solutions for these cookies:

  • Google Analytics – Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; You can find more information about the privacy policy here, and you can install the software add-on to disable cookies here.
  • Hotjar – Address: Hotjar Ltd. Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta; You can find more information about the privacy policy here, and you can install the software add-on to disable cookies here.Marketing and advertising cookies – We use these cookies to display you the content (including advertising) on our website that takes into account your previous preferences. We use the following third-party solutions for these cookies:
  • Facebook Pixel – Address: Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland; You can find more information about the privacy policy here, and you can install the software add-on to disable cookies here.
  • Google Tag Manager – Address: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; You can find more information about the privacy policy here, and you can install the software add-on to disable cookies here.You can also adjust the cookies settings (including the rejection or restriction of their processing) in your browsers. You can find information about browsers and how to set preferences for cookies on the following websites or in other documentation of browsers:
  • Chrome
  • Firefox
  • Internet Explorer
  • Android

Notice

You can withdraw your consent to receive newsletters at any time by unsubscribing from the newsletter on our website. The unsubscribe link can be found here or at the end of each newsletter. After unsubscribing, your personal data will be deleted.

Last updated on 6 November 2018